Defense Trade Application System 



Exhibit 300: Part I: Summary Information and Justification (All Capital Assets)



I.A. Overview



1. Date of Submission: 


2/2/2007 


2. Agency: 


Department of State 


3. Bureau: 


Bureau of Political-Military Affairs 


4. Name of this Capital Asset: 


Defense Trade Application System 


5. Unique Project (investment) identifier: (For IT investment only, 
see section 53. For all other, use agency ID system.) 


014-00-01-05-01-1398-00 


6. What kind of investment will this be in FY2008? (Please NOTE:
Investments moving to O&M ONLY in FY2008, with
Planning/Acquisition activities prior to FY2008 should not select
O&M. These investments should indicate their current status.)


Mixed Life Cycle 


7. What was the first budget year this investment was submitted to 
OMB? 


FY2003 


8. Provide a brief summary and justification for this investment, including a brief description of how this closes in part or in whole an 
identified agency performance gap: 


The purpose of this section is to present the summary and justification of the Defense Trade Application System (DTAS) Business Case for the Department of State (DoS) Fiscal
Year (FY) 2008 budget submission. DTAS is a working web-based export license application system critical to national security. DTAS is composed of three major subsystems.
D-Trade, the most visible DTAS subsystem, was formally rolled out by then Secretary of State Colin Powell on February 18, 2004. After a year and a half of operation, D-Trade has
shown itself to be a paperless, user-friendly and security-sensitive defense technology export licensing system. D-Trade is important because it is one of many integrated parts
within the U.S. national security system that controls the export of defense items and technologies. D-Trade is also part of the President's Management Agenda, which aims to
advance effective government through e-government. The second component of DTAS is T-RECS, the Trade Registration, Enforcement and Compliance System.
T-RECS provides for e-Gov services with electronic referral of applications for DHS, DOJ, etc. T-RECS is designed around Federal Enterprise Architecture (FEA) application of MS .NET
technology. The T-RECS version 2 is being deployed as a Proof of Concept for user review, testing and component database interface evaluations in September 2005. The third
component of DTAS is DTAR, the Defense Trade Archive Repository. DTAR is a working subsystem that implements electronic storage of applications for the DTAS data
management requirements. It leverages existing expertise in the PM and VC Bureaus to operate high speed scanners, R/Ware and KM systems for identifiable cost savings. It is
NARA approved and delivers long-term unit cost reductions to DDTC that will restrain the growth rate for operating costs. In total, these components of DTAS support our critical
efforts to control international traffic in arms as required by the International Traffic in Arms control Regulations (ITAR) 22 CFR 120-130. The new DTAS subsystems and
processes do not simply speed up old processes. They represent changes in the ways in which we document, review, manage, and approve defense trade and technology
distributions that improve the overall security of the United States and its allies.


9. Did the Agency's Executive/Investment Committee approve this
request?


Yes 


a. If "yes," what was the date of this approval?


8/4/2006 


10. Did the Project Manager review this Exhibit? 


Yes 


12. Has the agency developed and/or promoted cost effective, energy
efficient and environmentally sustainable techniques or practices for
this project?


No 


a. Will this investment include electronic assets (including 
computers)? 


Yes 

b. Is this investment for new construction or major retrofit of a
Federal building or facility? (answer applicable to non-IT assets only)


No 


1. If "yes," is an ESPC or UESC being used to help fund this 




2. If "yes," will this investment meet sustainable design 
principles? 


3. If "yes," is it designed to be 30% more energy efficient than 




13. Does this investment support one of the PMA initiatives? 


Yes 


If "yes," check all that apply: 


Human Capital, Expanded E-Government 


13a. Briefly describe how this asset directly supports the identified 
initiative(s)? 


Expanded Electronic Government: - DTAS: Shares information more quickly and 
conveniently among the federal agencies and by collaborating more readily with our 
allies - foreign governments by providing a web based electronic interface between 
government agencies participating in the defense trade application analysis area. DTAS 
uses electronic submissions, on-line license officer reviews, electronic referral and 
returned positions to service the massive license application increases. 


14. Does this investment support a program assessed using the
Program Assessment Rating Tool (PART)? (For more information
about the PART, visit www.whitehouse.gov/omb/part.)


No 


a. If "yes," does this investment address a weakness found during
the PART review?


No 


b. If "yes," what is the name of the PART program assessed by 
OMB's Program Assessment Rating Tool? 




c. If "yes," what PART rating did it receive? 






If the answer to Question: "Is this investment for information technology?" was "Yes," complete this sub-section. If the answer is "No," do 
not answer this sub-section. 


For information technology investments only: 


16. What is the level of the IT Project? (per CIO Council PM Guidance) 


Level 2 


17. What project management qualifications does the Project 
Manager have? (per CIO Council PM Guidance): 


(1) Project manager has been validated as qualified for this investment 


18. Is this investment identified as "high risk" on the Q4 - FY 2006 
agency high risk report (per OMB's "high risk" memo)? 


No 






a. If "yes," does this investment address a FFMIA compliance area?


No 


1. If "yes," which compliance area: 




2. If "no," what does it address? 


b. If "yes," please identify the system name(s) and system acronym(s) as reported in the most recent financial systems inventory update 

20. What is the percentage breakout for the total FY2008 funding request for the following? (This should total 100%)


Hardware: 8
Software: 7
Services: 85
Other: 0


21. If this project produces information dissemination products for
the public, are these products published to the Internet in
conformance with OMB Memorandum 05-04 and included in your
agency inventory, schedules and priorities?


No 


23. Are the records produced by this investment appropriately 
scheduled with the National Archives and Records Administration's 
approval? 


Yes 



I.D. Performance Information



In order to successfully address this area of the exhibit 300, performance goals must be provided for the agency and be linked to the annual
performance plan. The investment must discuss the agency's mission and strategic goals, and performance measures must be provided. 
These goals need to map to the gap in the agency's strategic goals and objectives this investment is designed to fill. They are the internal and 
external performance benefits this investment is expected to deliver to the agency (e.g., improve efficiency by 60 percent, increase citizen 
participation by 300 percent a year to achieve an overall citizen participation rate of 75 percent by FY 2xxx, etc.). The goals must be clearly 
measurable investment outcomes, and if applicable, investment outputs. They do not include the completion date of the module, milestones, 
or investment, or general goals, such as, significant, better, improved that do not have a quantitative or qualitative measure. 

Agencies must use Table 1 below for reporting performance goals and measures for all non-IT investments and for existing IT investments
that were initiated prior to FY 2005. The table can be extended to include measures for years beyond FY 2006. 



Performance Information Table 1:



Fiscal 
Year 


Strategic Goal(s) Supported 


Performance Measure 


Actual/ baseline (from 
Previous Year) 


Planned Performance Metric 
(Target) 


Performance Metric Results 
(Actual) 


2004 


Performance Goal #3 under 
Strategic Goal 4 - Weapons of 
Mass Destruction - Verification, . 
. . implementation . . . , and 
rigorous enforcement of 
compliance . . . 


Increase percentage of DSP-5 
license requests handled 
electronically to 10% 


1% of DSP-5 license requests 
processed electronically 


Make a comparison of DSP-5 
licenses processed in FY-2002 
and FY-2003 and licenses 
processed in FY-2004 


This represented 100% increase 
in D- Trade usage over the pilot 
processing that occurred in 
2003 (First partial year of 
operation). 


2004 


Performance Goal #2 under 
Strategic Goal 12 - Management 
and Organizational Excellence - 
Modernized, secure, high quality 


Reduce median processing time 
for electronic licenses by 8 days 
to 43 days 


51 day median processing time 
for a referred license 


Review records to compare 
processing times from FY-2002 
and FY-2003 to FY-2004 


This represents a 46% 
improvement in the license 
process time 

IT management and
infrastructure . . .










2004 


Performance Goal #2 under 
Strategic Goal 12 - Management 
and Organizational Excellence - 
Modernized, secure, high quality 
IT management and 
infrastructure . . . 


Obtain median processing time
of 5 days for electronic licenses


8 day median processing time
for a non-referred license


Review processing records for
FY-2004 to confirm processing
time has been reduced in
comparison to FY-2002 and FY-
2003.


This represents a 37%
improvement in the license
processing time.


2005 Performance Goal #3 under 
Strategic Goal 4 - Weapons of 
Mass Destruction - Verification, . 
. . implementation . . . , and 
rigorous enforcement of 
compliance . . . 


Increase percentage of license
requests handled electronically
to 24%


As of September 2004 we are 
processing 6% of the licenses 
applications electronically 


Percentage of licenses handled 
electronically 


700+ DSP-5S processed for
each month - June and July of


2005 


Performance Goal #2 under 
Strategic Goal 12 - Management 
and Organizational Excellence - 
Modernized, secure, high quality 
IT management and 
infrastructure . . . 


Improve processing response 
time to 24 days 


As of September 2004,
processing time for an
electronically referred license
was reduced to 28 days


Median processing time for a
referred electronic licenses


This represents a 21%
improvement in processing
time.


2005 Performance Goal #2 under

Strategic Goal 12 - Management 
and Organizational Excellence - 
Modernized, secure, high quality 
IT management and 
infrastructure . . . 


Obtain median processing time 
of 4 days for electronic licenses 


As of September 2004 the 
median processing time for 
electronic non-referred license 
has been reduced to 5 days. 


Median processing time for 
electronic licenses 


The monthly median days 
processing times show great 
variances when the days are 
measured on small numbers. 


2005 



Performance Goal #3 under 
Strategic Goal 4 - Weapons of 
Mass Destruction - Verification, . 
. . implementation . . . , and 
rigorous enforcement of 
compliance . . . 


Handle 25 % of DSP-5 special 
handling cases via D-Trade 



DSP-5 special handling cases 
are not currently processed 
electronically via D-Trade 



Percentage of case 
categorized/ requiring special 
handling 




2005 Performance Goal #2 under 

Strategic Goal 12 - Management 
and Organizational Excellence - 
Modernized, secure, high quality 
IT management and 
infrastructure . . . 


License officers will sign 10% of 
DSP-5 cases electronically 


No DSP-5 cases are currently 
signed electronically by license 
officers 


Cases signed to cases signed 
electronically - percentage 


Data show as many as 400 DSP- 
5 licenses per month are now 
signed electronically. This is 
approximately 10% of total 
DSP-5 cases. 



2005 Performance Goal #2 under 

Strategic Goal 12 - Management 
and Organizational Excellence - 
Modernized, secure, high quality 
IT management and
infrastructure . . .


Increase to 20% - .5% of DSP-5
Cases are referred to bureaus
and agencies electronically


.5% of DSP-5 Cases are referred
to bureaus and agencies
electronically


Cases referred to bureaus and 
agencies electronically - 


Complete data are not yet 
available for the 2005 fiscal 
year 



All new IT investments initiated for FY 2005 and beyond must use Table 2 and are required to use the Federal Enterprise Architecture (FEA) 
Performance Reference Model (PRM). Please use Table 2 and the PRM to identify the performance information pertaining to this major IT 
investment. Map all Measurement Indicators to the corresponding "Measurement Area" and "Measurement Grouping" identified in the PRM. 
There should be at least one Measurement Indicator for at least four different Measurement Areas (for each fiscal year). The PRM is available
at www.egov.gov.



Performance Information Table 2:



Fiscal 
Year 


Measurement 
Area 


Measurement 
Category 


Measurement
Grouping


Measurement
Indicator


Baseline


Planned
Improvement to the
Baseline


Actual Results


2005


Customer
Results


Timeliness and
Responsiveness


Response Time 


Median number of 
days required to 
process staffed D- 
Trade license 
applications for 
referred cases 
using D-Trade. 


30 days median 
processing time for D- 
Trade cases for 2004 


Decrease processing
time by 1 day per
quarter for FY 2005


End of 3rd qtr 2005 - shows median D-Trade referred 
cases are now taking 25 days to process. 


2005 


Mission and 

Business 

Results 


Information and 

Technology 

Management 


IT
Infrastructure
Maintenance


Percent (%) of all
referred and non-
referred license
applications
Processed using
D-Trade


1.2 % - FY 2004 


Increase by 1% per
quarter for FY 2005 


Number of cases processed has increased steadily in
each quarter in FY 2005. Seven percent (7%) of cases were
being processed using D-Trade by the end of the 3rd
quarter 2005.


2005 


Processes and 
Activities 


Management 
and Innovation 


Innovation and
Improvement


% of Approved
referred and non-
referred cases
signed
electronically


0 cases signed in FY 
2004 - no e-signature 
D-Trade system 
module was in 
operation 


1% of DSP-5 cases to 
be signed 

electronically by 4th 
QTR 2005 


3rd QTR 2005 data - shows 400 cases signed 
electronically. This is approximately .3 % of cases. 


2005 


Technology 


Effectiveness 


IT Contribution
to Process,
Customer, or
Mission


Increasing % of
new DDTC
Registrants Using
D-Trade to submit
DSP5S
electronically


1% of new registrants 
used D-Trade to 
submit DSP-5S in FY 
2004 


1% increase per 
quarter for FY 2005 


5% of New registrants are using D-Trade to submit 
DSP-5S at the end of 3rd QTR 2005 


2006 


Customer 
Results 


Timeliness and 
Responsiveness 


Response Time 


Median number of 
days required to 
process staffed D- 
Trade license 
applications for 
referred cases 
using D-Trade. 


End of FY 05 median
result [Note: Median
times are used per
GAO report GAO-01-528,
which discusses
how license times
can be significantly
improved by a few
emergency cases or
lengthened by a small
number of difficult
policy cases.]

FY 05 calculated 10%
of DSP-5 cases
processed using D-Trade


Continue to decrease 
the number of days 
required to process a 
case at a steady rate 
until this reaches a 
median of 20 days per 
case/ per month. 


http://www.pmddtc.state.gov/processtime.htm For
FY 06 - an unstable measure, the high range
variations (48-24) for staffed cases has
a median processing time = 36 days; far lower times
for non-staffed cases - median - 13.4 days.


2006 


Mission and 

Business 

Results 


Information and 

Technology 

Management 


Information
Management


Percent (%) of all
DSP-5 referred
and non-referred
license
applications
submitted to
DDTC using
D-Trade.


Increase the percent 
of the total of DSP-5 
and all cases 
submitted for 
processing using D- 
Trade by 1 % per 
quarter 


D-Trade received approximately 60% of DSP-5
D-Trade cases for the 4th quarter of FY 2006. D-Trade
submission increased relative to the legacy and paper
submission with FY. All DSP-5 submissions are being
received via D-Trade for 2007.


2006 


Mission and
Business
Results


Information and
Technology
Management


Information
Management


Percent of all
cases examined
by DDTC,
submitted to
D-Trade.


End of FY 2005
results
(approximately 5%)


2 % per FY quarter.


Results for 4th quarter were up over 3rd quarter of
FY06. D-Trade submissions (all) were 3460 or 28% of
the total of 12256 submissions for 4th quarter FY06.


2006 


Processes and 
Activities 


Management
and Innovation


Innovation and
Improvement


% of Approved 
referred and non- 
referred cases 
signed 

electronically 


End of FY 05 result of 
3% 


FY 06 QTR 1 - 1% of 

cases to be signed 
electronically; QTR 2 - 
2% of DSP-5 cases to 
be signed 

electronically; QTR 3 - 
5% of cases to be 
signed electronically; 
QTR 4 - 8% of cases 
to be signed 
electronically 


D-Trade has delivered excellent results. D-Trade
submissions (all) are now signed electronically when
completed and licenses are approved. [4th Qtr. 2006
- 3460 or 28% of the total of 12256 submissions for
4th quarter FY06.]


2006 


Technology


Effectiveness 


IT Contribution 
to Process, 
Customer, or 
Mission 


Number of new 
DDTC Registrants 
Using D-Trade to 
submit DSP5S. 


End of FY 05 result 
(Less than 1%) 


5 % increase per 
quarter for FY 2006; 
reaching 25 % of all 
new registrants submit 
DSP5S using D-Trade 
by end of FY 2006 


New registrants - 180 new DDTC registrants for the
4th quarter. Only 16 applied for license, and of this
number - 50% used D-Trade rather than Detra.


2007


Customer 
Results 


Timeliness and 
Responsiveness 


Response Time 


Median number of 
days required to 
process staffed D- 
Trade license 
applications for 
referred cases 
using D-Trade. 


End of FY 06 median
result [Note: Median
times are used per
GAO report GAO-01-528,
which discusses
how license times
can be significantly
improved by a few
emergency cases or
lengthened by a small
number of difficult
policy cases.]


Improve median
reported and 
published results. 
Continue to decrease 
the number of days 
required to process a 
case at a steady rate 
until this reaches a 
median of 20 days per 
case/ per month. 


During the 1st quarter of FY 07 process 
improvements were made; D-Trade staffed case 
median processing time - 31 days; non-staffed cases 
median processing - 11 days. The average of staffed 
& non-staffed days reached 21 days, (very near 
target) 


2007 


Mission and 

Business 

Results 


Information and

Technology

Management


Information
Management


Percent (%) of all 
referred and non- 
referred license 
applications 
Processed 


D-Trade received 
approximately 17% of 
DSP- 5 D-Trade cases. 
D-Trade submission 
increased relative to 
the legacy and paper 
submission with 23% 
(854 of 3734) DSP-5 
submissions being 
received via D-Trade. 


Increase by 2% per
quarter for FY 2007 


Excellent progress - exceeding targets. D-Trade
received approximately 59% of license applications 
for December 2006. D-Trade submissions - 3870; 
Detra - 2596. 


2007 


Processes and 
Activities 


Management 
and Innovation 


Innovation and 
Improvement


% of Approved 
referred and non- 
referred cases 
signed 

electronically 


End of FY 06 result 


FY 07 QTR 1 - 10 % of
cases to be signed
electronically; QTR 2 -
12% of DSP-5 cases to
be signed
electronically; QTR 3 -
15% of cases to be
signed electronically;
QTR 4 - 18% of cases
to be signed
electronically


Progress for FY 2006 greatly exceeded targets in the
first quarter of 2007. As of Sept 30, 2006 27.8% of
all DDTC cases were signed electronically; increasing
to 33% - October, 48% November; 59% of all cases
signed electronically for Dec. 2006.




2007 


Technology 


Effectiveness 


IT Contribution 
to Process, 
Customer, or 


Number of new 
DDTC Registrants 
Using D-Trade vs. 

Detra to submit

license 
applications. 


End of FY 06 result 


10 % increase per 
quarter for FY 2007; 
reaching 65 % of all 

new registrants submit

applications using D- 
Trade by end of FY 
2007 


Data on new registrants for the 1st quarter of FY 07
shows there are 19 new registrants submitting
applications. Of those 19 submitted applicants for
licenses, 14 or 73% used D-Trade ([illegible]%
improvement over 2006 data). This now exceeds the
FY target.


2008 


Customer 
Results 


Timeliness and 
Responsiveness 


Response Time 


Median number of 
days required to 
process staffed D- 
Trade license 
applications for 
referred cases 
using D-Trade. 


End of FY07 results. 


Continue to decrease 
the number of days 
required to process a 
case at a steady rate 
until this reaches an 
average of 18 days 
per case. [Currently 
estimated to be an 
optimum level given 
the required 
processing and review 
time w/i other 
agencies.] 




2008 


Mission and 
Results 


Information and 

Technology

Management


Information
Management


Percent (%) of all
referred and non-

referred license 

applications 

Processed 


FY 07 calculated 20% 

processed using D- 
Trade 


70 % per FY quarter. 




2008 


Processes and 
Activities 


Management 
and Innovation 


Innovation and
Improvement


% of Approved 
referred and non- 
referred cases 
signed 

electronically 


End of FY 07 result 


FY 06 QTR 1 - 31% of 

cases to be signed
electronically; QTR 2 - 
52% of DSP-5 cases to 
be signed 

electronically; QTR 3 - 
65% of cases to be 
signed electronically; 
QTR 4 - 75% of cases 
to be signed 
electronically 




2008 


Technology 


Effectiveness 


IT Contribution 
to Process, 

Mission 


Number of new 
DDTC Registrants 

Using D-Trade to
submit DSP5S 


End of FY 07 result 


20 % increase per
quarter for FY 2007;
reaching [illegible]% of all
new registrants submit 
DSP5S using D-Trade 
by end of FY 2008 





I.E. Security and Privacy

In order to successfully address this area of the business case, each question below must be answered at the system/application level, not at
a program or agency level. Systems supporting this investment on the planning and operational systems security tables should match the
systems on the privacy table below. Systems on the Operational Security Table must be included on your agency FISMA system inventory and
should be easily referenced in the inventory (i.e., should use the same name or identifier).

All systems supporting and/ or part of this investment should be included in the tables below, inclusive of both agency owned systems and 
contractor systems. For IT investments under development, security and privacy planning must proceed in parallel with the development of 
the system/ s to ensure IT security and privacy requirements and costs are identified and incorporated into the overall lifecycle of the 
system/ s. 

Please respond to the questions below and verify the system owner took the following actions: 

1. Have the IT security costs for the system(s) been identified and integrated into the overall costs of the investment: Yes 
a. If "yes," provide the "Percentage IT Security" for the budget year: 15 

2. Is identifying and assessing security and privacy risks a part of the overall risk management effort for each system supporting
or part of this investment: Yes



4. Operational Systems - Security



Name of System: Defense Trade Application System
Agency/ or Contractor Operated System? Contractor and Government
NIST FIPS 199 Risk Impact level: High
Has C&A been Completed, using NIST 800-37? Yes
Date C&A Complete: 10/31/2006
What standards were used for the Security Controls tests? FIPS 200 / NIST 800-53
Date Complete(d): Security Control Testing: 6/30/2006
Date the contingency plan tested: 7/31/2006



5. Have any weaknesses related to any of the systems part of or supporting this investment been identified by the agency or IG? No
a. If "yes," have those weaknesses been incorporated into the agency's plan of action and milestone process? Yes

6. Indicate whether an increase in IT security funding is requested to remediate IT security weaknesses? No

a. If "yes," specify the amount, provide a general description of the weakness, and explain how the funding request will remediate the
weakness.



7. How are contractor security procedures monitored, verified, validated by the agency for the contractor systems above? 

System audit logs and database audit logs are turned on and reviewed periodically. System use metrics are maintained and reviewed at least weekly. Anomalies that are
discovered in the audit tracking are investigated. Additionally, we have had periodic reviews by the OIG and remediated the system in accordance with their findings. As noted in
previous paragraphs, access to the system is scrutinized by a rigorous access request process that includes additions, modifications, and deletions with aggressive service level
agreements to ensure employees do not have access to the system after leaving. The system was accredited in October of 03 and we are currently stepping through Certification
renewal with the Office of Information Assurance, with an expected accreditation date of Jan 30, 06.



8. Planning & Operational Systems - Privacy Table: 



Name of System: Defense Trade Application System
Is this a new system? Yes
Is there a Privacy Impact Assessment (PIA) that covers this system? Yes.
Is the PIA available to the public? Yes.
Is a System of Records Notice (SORN) required for this system? Yes
Was a new or amended SORN published in FY 06? No, because the existing Privacy Act system of
records was not substantially revised in FY 06.

I.F. Enterprise Architecture (EA)



In order to successfully address this area of the business case and capital asset plan you must ensure the investment is included in the
agency's EA and Capital Planning and Investment Control (CPIC) process, and is mapped to and supports the FEA. You must also ensure the
business case demonstrates the relationship between the investment and the business, performance, data, services, application, and 
technology layers of the agency's EA. 

1. Is this investment included in your agency's target enterprise architecture? Yes
a. If "no," please explain why?



2. Is this investment included in the agency's EA Transition Strategy? Yes

a. If "yes," provide the investment name as identified in the Transition Strategy provided in the agency's most recent annual EA
Assessment. Defense Trade Application System

b. If "no," please explain why?



3. Service Reference Model (SRM) Table:

Identify the service components funded by this major IT investment (e.g., knowledge management, content management, customer relationship
management, etc.). Provide this information in the format of the following table. For detailed guidance regarding components, please refer to

http://www.whitehouse.gov/omb/egov/.




Agency
Component Name


Agency Component Description


Service
Domain


FEA SRM
Service Type


FEA SRM
Component


FEA Service
Component
Reused Name


FEA Service
Component
Reused UPI


Internal
or
External
Reuse?


BY Funding
Percentage

Data Exchange 


Defines the set of capabilities that support 
the interchange of information between 
multiple systems or applications; includes 
verification that transmitted data was 
received and unaltered. 


Back Office
Services


Data

Management


Data Exchange


No Reuse 


0 


Extraction and 
Transformation


Defines the set of capabilities that support 
the manipulation and change of data. 


Back Office
Services 


Data 

Management 


Extraction and 
Transformation 






No Reuse 


0 


Reporting 


Defines the set of capabilities that support 
the use of pre-conceived or pre-written 
reports. 


Business

Analytical 

Services 


Reporting 


Standardized /
Canned






No Reuse 


0


Change 

Management (New 
DoS Service) 


Defines the set of capabilities that control 
the process for updates or modifications to 
the existing documents, software or 
business processes of an organization. 


Business 

Management 

Services 


Management of 
Processes 


Change 
Management 






No Reuse 


0 


Configuration 
Management (New 
DoS Service) 


Defines the set of capabilities that control 
the hardware and software environments, as 
well as documents of an organization. 


Business

Management 

Services 


Management of 
Processes 


Configuration 
Management




No Reuse 


0


Program / Project
Management (New
DoS Service)


Defines the set of capabilities that manage
and control a particular effort of an
organization.


Business
Management
Services


Management of
Processes


Program /
Project
Management


No Reuse


0









Requirements
Management (New
DoS Service)


Defines the set of capabilities that gather,
analyze and fulfill the needs and
prerequisites of an organization's efforts.


Business 

Management 

Services 


Management of 
Processes 


Requirements 
Management




No Reuse 




Contact
Management


Defines the set of capabilities that provide a
comprehensive view of all customer
interactions, including calls, email,
correspondence and meetings; also provides
for the maintenance of a customer's
account, business and personal information.


Customer 
Services 


Customer 

Relationship 

Management 


Contact and 
Profile 

Management 






No Reuse 


0 


Information
Retrieval


Defines the set of capabilities that allow
access to data and information for use by an
organization and its stakeholders.


Digital Asset 
Services 


Knowledge 
Management 


Information
Retrieval




No Reuse 




Case Management
(New DoS Service)


Defines the set of capabilities that manage
the lifecycle of a particular claim or
investigation within an organization to
include creating, routing, tracing,
assignment and closing of a case as well as
collaboration among case handlers.


Process 

Automation 

Services 


Tracking and 
Workflow 


Case 

Management 






No Reuse 


0 


Process Tracking
(New DoS Service)


Defines the set of capabilities that allow the
monitoring of activities within the business
cycle.


Process 

Automation 

Services 


Tracking and 

Wnrkf low 


Process Tracking 


1 




No Reuse 


0 


Defines the set of capabilities that support 

_ /- f the design and generation of electronic or 
Forms Creation u ■ i * ^ t i c ..u- 
... ^ r- r- 1 physical forms and templates for use within 
(New DoS Service) Tu u ■ i u ■ t- ^ 

the business cycle by an organization and its 

.stakeholders. 


Support 


Forms 


Forms Creation 






No Reuse 


0 


Services 


Management 






|l-/c:M 1 Icb Lllc bcrL Ul LCI|JC1UIIILIc:d LllClL bU|J|JUlL 

Forms Modification the maintenance of electronic or physical 
(New DoS Service) forms, templates and their respective 
elements and fields. 


Support 
Services 


Forms 

Management 


Forms | 
Modification 


1 




No Reuse 


0 


Defines the set of capabilities that support 

, ^ ^ , the management of permissions for logging 
Access Control ^ ^ ^ , aa a 
,., „ t- r- ■ > onto a computer, application, service, or 
(New DoS Service) . , ■ , ^ t ^ 
network; includes user management and 

role/privilege management. 


Support 
Services 


Security 
Management 


Access Control 






No Reuse 


0 


, . Use and management of electronic 
Digital Signature . . . ^ ^ t ^ 
^ ^ ... signatures to support authentication and 
Management (New .\ . . ■ , ^ i,,. , 
nnq qpruirpi i^^'^^ integrity; includes public key 
uob service; infrastructure (PKI). 


Support 
Services 


Security 
Management 


Digital Signature 
Management 


1 




No Reuse 


0 


Defines the set of capabilities that support 
Identification and obtaining information about those parties 
Authentication attempting to log on to a system or 
(New DoS Service) application for security purposes and the 

validation of those users. 


Support 
Services 


Security 
Management 


1 dentification 
and 

Authentication 






No Reuse 


0 


Fypn ifpc: mainfainc: anri QiinnnrfQ fhp 

Data Network devices, facilities and standards that provide 
Services the computing and networking within and 
between enterprises. 


Support 
Services 


Security 
Management 


NEW 






No Reuse 


0 
Use existing SRM Components or identify as "NEW". A "NEW" component is one not already identified as a service component in the FEA SRM.

A reused component is one being funded by another investment, but being used by this investment. Rather than answer yes or no, identify
the reused service component funded by the other investment and identify the other investment using the Unique Project Identifier (UPI)
code from the OMB Ex 300 or Ex 53 submission.

'Internal' reuse is within an agency. For example, one agency within a department is reusing a service component provided by another
agency within the same department. 'External' reuse is one agency within a department reusing a service component provided by another 
agency in another department. A good example of this is an E-Gov initiative service being reused by multiple organizations across the federal 
government. 

Please provide the percentage of the BY requested funding amount used for each service component listed in the table. If external, provide 
the funding level transferred to another agency to pay for the service. 



4. Technical Reference Model (TRM) Table: 



To demonstrate how this major IT investment aligns with the FEA Technical Reference Model (TRM), please list the Service Areas, Categories, Standards, and
Service Specifications supporting this IT investment.



FEA SRM Component | FEA TRM Service Area | FEA TRM Service Category | FEA TRM Service Standard | Service Specification (i.e., vendor and product name)
Case Management | Component Framework | Business Logic | Platform Independent | Java Servlet (JSR 53)
Case Management | Component Framework | Business Logic | Platform Independent | JavaScript
Case Management | Component Framework | Data Interchange | Data Exchange | Electronic Business using XML (ebXML)
Information Retrieval | Component Framework | Data Management | Database Connectivity | Java Database Connectivity (JDBC)
Case Management | Component Framework | Presentation / Interface | Content Rendering | Cascading Style Sheets (CSS)
Case Management | Component Framework | Presentation / Interface | Dynamic Server-Side Display | Java Server Pages (JSP)
Case Management | Component Framework | Presentation / Interface | Static Display | Hyper Text Markup Language (HTML)
Contact and Profile Management | Component Framework | Security | Certificates / Digital Signatures | Digital Certificate Authentication
Contact and Profile Management | Component Framework | Security | Certificates / Digital Signatures | Secure Sockets Layer (SSL)
Digital Signature Management | Service Access and Delivery | Access Channels | Other Electronic Channels | Web Service
Forms Creation | Service Access and Delivery | Access Channels | Web Browser | Internet Explorer
Access Control | Service Access and Delivery | Service Requirements | Hosting | Internal (within Agency)
Forms Creation | Service Access and Delivery | Service Requirements | Legislative / Compliance | Section 508
Access Control | Service Access and Delivery | Service Requirements | Legislative / Compliance | Security
Data Exchange | Service Access and Delivery | Service Transport | Service Transport | Hyper Text Transfer Protocol Secure (HTTPS)
Data Exchange | Service Access and Delivery | Service Transport | Service Transport | Internet Protocol (IP)
Data Exchange | Service Access and Delivery | Service Transport | Service Transport | Transport Control Protocol (TCP)
Identification and Authentication | Service Access and Delivery | Service Transport | Supporting Network Services | Domain Name System (DNS)
Identification and Authentication | Service Access and Delivery | Service Transport | Supporting Network Services | Lightweight Directory Access Protocol (LDAP)
Information Retrieval | Service Interface and Integration | Integration | Middleware | Database Access: ISQL/w
Case Management | Service Interface and Integration | Interoperability | Data Format / Classification | eXtensible Markup Language (XML)
Case Management | Service Interface and Integration | Interoperability | Data Transformation | eXtensible Stylesheet Language Transform (XSLT)
Data Exchange | Service Interface and Integration | Interoperability | Data Types / Validation | XML Schema
Information Retrieval | Service Platform and Infrastructure | Database / Storage | Database | SQL Server
Information Retrieval | Service Platform and Infrastructure | Database / Storage | Storage | Network-Attached Storage (NAS)
Data Exchange | Service Platform and Infrastructure | Delivery Servers | Web Servers | Internet Information Server
Information Retrieval | Service Platform and Infrastructure | Hardware / Infrastructure | Embedded Technology Devices | Hard Disk Drive
Case Management | Service Platform and Infrastructure | Hardware / Infrastructure | Embedded Technology Devices | Random Access Memory (RAM)
Data Exchange | Service Platform and Infrastructure | Hardware / Infrastructure | Local Area Network (LAN) | Ethernet
Contact and Profile Management | Service Platform and Infrastructure | Hardware / Infrastructure | Network Devices / Standards | Firewall
Data Exchange | Service Platform and Infrastructure | Hardware / Infrastructure | Network Devices / Standards | Hub
Extraction and Transformation | Service Platform and Infrastructure | Hardware / Infrastructure | Peripherals | Printer
Information Retrieval | Service Platform and Infrastructure | Hardware / Infrastructure | Servers / Computers | Enterprise Server
Process Tracking | Service Platform and Infrastructure | Software Engineering | Modeling | Case Management
Case Management | Service Platform and Infrastructure | Software Engineering | Modeling | Unified Modeling Language (UML)
Change Management | Service Platform and Infrastructure | Software Engineering | Software Configuration Management | Change Management
Change Management | Service Platform and Infrastructure | Software Engineering | Software Configuration Management | Version Management
Case Management | Service Platform and Infrastructure | Software Engineering | Test Management | Functional Testing
Case Management | Service Platform and Infrastructure | Software Engineering | Test Management | Usability Testing (508 Testing)
Access Control | Service Platform and Infrastructure | Support Platforms | Platform Dependent | Windows 2000
Case Management | Service Platform and Infrastructure | Support Platforms | Platform Independent | Java 2 Platform Enterprise Edition (J2EE)



Service Components identified in the previous question should be entered in this column. Please enter multiple rows for FEA SRM 
Components supported by multiple TRM Service Specifications 
In the Service Specification field, agencies should provide information on the specified technical standard or vendor product mapped to the
FEA TRM Service Standard, including model or version numbers, as appropriate. 


5. Will the application leverage existing components and/ or 
applications across the Government (i.e., FirstGov, Pay.Gov, etc)? 


Yes 


a. If "yes," please describe. 


DTAS is linked from FirstGov.gov thru Exports.gov. DTAS was one of the first agency PKI systems to board the Quicksilver initiative E-Authentication. DTAS also utilizes Pay.gov
to support automated electronic registration functions. 


6. Does this investment provide the public with access to a 
government automated information system? 


No 


a. If "yes," does customer access require specific software (e.g., a 
specific web browser version)? 





1. if "yes," provide the specific product name(s) and version 
number(s) of the required software and the date when the public will 
be able to access this investment by any software (i.e. to ensure 
equitable and timely access of government information and services). 



Exhibit 300: Part II: Planning, Acquisition and Performance Information



II.A. Alternatives Analysis

Part II should be completed only for investments identified as "Planning" or "Full Acquisition," or "Mixed Life-Cycle" investments in response
to Question 6 in Part I, Section A above.

In selecting the best capital asset, you should identify and consider at least three viable alternatives, in addition to the current baseline, i.e.,
the status quo. Use OMB Circular A-94 for all investments, and the Clinger Cohen Act of 1996 for IT investments, to determine the criteria
you should use in your Benefit/Cost Analysis.

1. Did you conduct an alternatives analysis for this project? Yes 

a. if "yes," provide the date the analysis was completed? 3/1/2001 

b. if "no," what is the anticipated date this analysis will be completed? 

c. if no analysis is planned, please briefly explain why: 



II.B. Risk Management

You should have performed a risk assessment during the early planning and initial concept phase of this investment's life-cycle, developed a 
risk-adjusted life-cycle cost estimate and a plan to eliminate, mitigate or manage risk, and be actively managing risk throughout the 
investment's life-cycle. 

1. Does the investment have a Risk Management Plan? Yes 
a. If "yes," what is the date of the plan?



1/31/2007 



b. Has the Risk Management Plan been significantly changed since last year's submission to OMB? No

c. If "yes," describe any significant changes: 

Risks included in the plan were examined to determine if any new risks needed to be added. The program is very mature and on schedule & on budget. No new risks have
materialized. Performance measures are exceeding estimates and plans.

2. If there currently is no plan, will a plan be developed? 

a. If "yes," what is the planned completion date? 

b. If "no," what is the strategy for managing the risks? 


3. Briefly describe how investment risks are reflected in the life cycle cost estimate and investment schedule: 

Investment risks are carefully monitored throughout the investment development period. The DTAS system is being built in useful and complete segments (4) that each have 
demonstrable uses and value to minimize the risk of "non-completion" and loss of investment. Portions of all 4 of the segments are now in use and delivering value to the 
government and the numerous industry customers of DDTC. The performance statistics demonstrate the value of this risk management approach very clearly. Approximately 
60% of license applications are now processed and approved using D-Trade. Compliance cases are now all stored and managed from T-RECS. 1/5/2007 